The security firm, Zimperium zLabs has discovered Android Stagefright security flaw, which is a critical vulnerability in the Google’s Android operating system. It can allow hackers to take control of the Android smartphones just by sending a simple message or MMS.

The security firm, Zimperium zLabs said in a blog post regarding the Android Stagefright security flaw:

“Gaining remote code execution privileges merely by having access to the mobile number? Enter Stagefright. The targets for this kind of attack can be anyone from prime ministers, government officials, company executives, security officers to IT managers. We dived into the deepest corners of Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code critically expose 95 percent of Android devices, an estimated 950 million devices.”

According to the security firm, the MMS used by the attackers to hack Android phones can be destroyed even before the phone owner reads it. The users don’t even need to open an attachment or download a corrupted file. The malicious code can take over the moment user’s receive a text message or MMS.

This issue is caused due to an Android Stagefright security flaw and here is how the attack would work:

The hackers create a short video and hide the malware inside it and then text it to a user’s number. As soon as it’s received by the phone it does its initial processing, which will trigger the vulnerability.

The messaging app Hangouts by Google also processes videos instantly to keep them ready in the phone’s gallery, so that the user doesn’t have to waste time looking. The security firm said that due to this setup the malware can be triggered easily and can take control over the phone.

However, there is good news for users that Zimperium has already alerted Google regarding the Android Stagefright security flaw and the search engine giant has started applying the relevant patchwork. But users who have older versions of Android OS may never get a patch at all. Android users can protect themselves by navigating to the SMS / MMS menu, then select the Settings tab and then turn off “automatic extraction.”